package control;

import java.sql.SQLException;
import java.sql.ResultSet;
import db.DBConnecter;
import control.SessionControl;


public class LoginControl {
	/*
	 * check username and password
	 * xuda
	 */
	
	private DBConnecter db;
	public LoginControl() {
		db = new DBConnecter();
	}
	
	public String loginCheck(String username, String password){
		ResultSet rs;
		String sql = "SELECT COUNT(*) FROM customer WHERE cst_id = '"+username+"' AND cst_password = '"+password+"' AND cst_state = 'act'";
		try{
			rs = db.query(sql);
			rs.next();//move to first line of the result set
			if(rs.getInt(1) >= 1){//match a user
				
				SessionControl session = new SessionControl();
				session.setSession("myusername", username);//insert into session
				return "success";
			}
				
			
		}catch(SQLException e){
			e.printStackTrace();
		}
		return "error";
		
	}
	public String adminLoginCheck(String username, String password){
		ResultSet rs;
		String sql = "SELECT COUNT(*) FROM admin WHERE AdminID = '"+username+"' AND AdminPw = '"+password+"'";
		try{
			rs = db.query(sql);
			rs.next();//move to first line of the result set
			if(rs.getInt(1) >= 1){//match a user
				
				SessionControl session = new SessionControl();
				session.setSession("adminusername", username);//insert into session
				return "success";
			}
				
			
		}catch(SQLException e){
			e.printStackTrace();
		}
		return "error";
		
	}
}
